XP SP2 Issues

[RJ]

Interesting things spotted on a quick overview read of all comments
at the SANS XP SP2 page:
http://isc.sans.org/xpsp2.php
1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost everyone with critical problems
was running a Prescott. (One suggestion by a poster was that Intel's NX technology is glitched, and
thus is not allowing the boot code to finish running.)
2.. Those with "issues" seemed to find these cleared up either with a fresh install, followed by
SP2, or by installing a version of XP that was slipstreamed with SP2. The problems might have been
caused by something running in memory (an uncaught virus, or spyware?).
3.. Recommendations are very, VERY firm about running a full antivirus scan, followed by a scan
for spyware (and other malware) before doing an install.
4.. Some drivers need to be re-installed, especially for devices using USB.
5.. Most all other "issues" were with programs that needed to be added to the Windows firewall.
Don't use the Windows Firewall. It is rather useless. Use a firewall such as ZoneAlarm.
6.. One major problem (for some) was the port speed limitation that Microsoft added. In other
words, if you have a single program that opens more than 10 simultaneous connections (Ie, some of
the newer file transfer protocols, or NMap to test your system for vulnerabilities), Microsoft
automatically limits the thru-put to around that of a 1200bps modem. Under normal conditions, you'll
never see this -- but if you try to run NMap (or other software that opens a TON of connections
simultaneously), you'll see this -- fast."
As always, Windows Service Pack installs require homework and testing. You could be one of the
lucky ones that downloads, installs and voila, no problems. But do you want to take that chance?
Do your homework. Send the bill for your time and effort to Microsoft Corp.

 

[Ron Reaugh]

Interesting things spotted on a quick overview read of all comments
at the SANS XP SP2 page:
http://isc.sans.org/xpsp2.php
1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost

everyone with critical problems

was running a Prescott.

No, one just needs the latest mobo BIOS with the proper Prescott microcode.
OR rename update.sys and SP2 works fine.

(One suggestion by a poster was that Intel's NX technology is glitched, and
thus is not allowing the boot code to finish running.)
2.. Those with "issues" seemed to find these cleared up either with a

fresh install,

No, mobo BIOS flash.

followed by
SP2, or by installing a version of XP that was slipstreamed with SP2. The problems might have been
caused by something running in memory (an uncaught virus, or spyware?).
3.. Recommendations are very, VERY firm about running a full antivirus scan, followed by a scan
for spyware (and other malware) before doing an install.
4.. Some drivers need to be re-installed, especially for devices using USB.
5.. Most all other "issues" were with programs that needed to be added to the Windows firewall.
Don't use the Windows Firewall. It is rather useless. Use a firewall

such as ZoneAlarm.

No, SP2's firewall is just fine along with any good virus checker. Lose
ZA.

 

[Edward W. Thompson]

Windows Firewall is only fine for those who have no concern about exporting
malware to those in their address book.

If you think Windows Firewall is 'fine' then I suggest you are no better
than the author of the malware as you will be one of their distributors.

 

[John Waller]

If you think Windows Firewall is 'fine'

What's wrong with it?

 

[Alias]

"John Waller" wrote

What's wrong with it?

It only monitors incoming traffic, not outgoing traffic.

Alias

 

[Guest]

everyone with critical problems

No, one just needs the latest mobo BIOS with the proper Prescott microcode.
OR rename update.sys and SP2 works fine.

fresh install,

No, mobo BIOS flash.

such as ZoneAlarm.

No, SP2's firewall is just fine along with any good virus checker. Lose
ZA.


Windows firewall is what?

Try doing a Leak test (get the utility fromWWW.grc.com)
While there try a few port probes.I did this, Windows firewall leaked like a
seive!
You may also find as many others have that despite yurning off Windows
firewall it graciously continues to block programs WITHOUT telling you.
You cannot compare a product like Zone Alarm and Windows Firewall.

 

[J.]

See here for accurate info on the Prescott microcode issue:

http://support.microsoft.com/default.aspx?kbid=885626

 

[John Waller]

If I'm using a NAT router, do I need a firewall?

 

[Malke]

If I'm using a NAT router, do I need a firewall?

Yes, it is a good idea.

Malke

 

[John Waller]

Yes, it is a good idea.

But not essential?

The company that administers our company server say we don't need software
firewalls on every machine. We don't have a hardware firewall either.

 

[Malke]

But not essential?

The company that administers our company server say we don't need
software firewalls on every machine. We don't have a hardware firewall
either.

It depends on what is being used as a firewall on the corporate level. I
would certainly have a really good firewall between the outside world
and my corporate network, with no additional software firewalls needed
on the workstations. But since I don't know what your IT Dept. has
done, I can't comment on it.

Malke

 

[Ron Reaugh]

Windows Firewall is only fine for those who have no concern about exporting
malware to those in their address book.

Nope, a good virus checker and spyware checker prevents that along with
SP2's firewall.

If you think Windows Firewall is 'fine' then I suggest you are no better
than the author of the malware as you will be one of their distributors.

Clueless.

Why don't you go tell your tales to the SP2 development team.

 

[Ron Reaugh]

"John Waller" wrote


It only monitors incoming traffic, not outgoing traffic.

With a proper virus checker and adware checker outgoing checking is NOT
needed.

 

[Ron Reaugh]

Try doing a Leak test (get the utility fromWWW.grc.com)
While there try a few port probes.I did this, Windows firewall leaked like a
seive!
You may also find as many others have that despite yurning off Windows
firewall it graciously continues to block programs WITHOUT telling you.
You cannot compare a product like Zone Alarm and Windows Firewall.

Right, Windows SP2's Firewall is fully integrated with the MS XP OS and
hooked directly to Automatic Update..no comparison. Lose ZA.

 

[Ron Reaugh]

If I'm using a NAT router, do I need a firewall?

I'd use SP2's firewall as it hooked to MS's Automatic Updates.

 

[Ron Reaugh]

But not essential?

The company that administers our company server say we don't need software
firewalls on every machine. We don't have a hardware firewall either.

Then there's something missing from your story OR you need a new "company
that administers". I suspect the former.

 

[formerprof]

Outgoing checking is only unnecessary if you trust people like Microsoft,
Real Networks, Intuit and many others not to write home with info from your
machine. I think it would be naive to extend that trust, especially since
two I've mentioned have already been caught doing exactly that.


formerprof
(e-mail address removed)

 

[Ron Reaugh]

Outgoing checking is only unnecessary if you trust people like Microsoft,
Real Networks, Intuit and many others not to write home with info from your
machine.

Exactly, I want them to try so that I can certify the class. They ain't
gonna do it at least in any offensive fashion.

I think it would be naive to extend that trust, especially since
two I've mentioned have already been caught doing exactly that.

Not seriously and that's changing. That's an issue for AGs and not for each
persons PC and fancy firewalls.

 

[Ron Reaugh]

Outgoing checking is only unnecessary if you trust people like Microsoft,
Real Networks, Intuit and many others not to write home with info from your
machine.

Besides if they get offensive then adware checkers will take em down!

 

[formerprof]

Dear Ron,

Well I'm certainly ready to join the class -- but I think I have less faith
in the process than you do given what seems to me to be the larger public's
indifference to privacy issues. Moreover it would take some pretty dedicated
decrypting and hacking to discover whether Intuit is studying my bank
accounts, and Microsoft my musical preferences or manuscripts.

All good wishes.

formerprof
(e-mail address removed)